secpol_posix_spawnattr_settypeid()

Update a spawn attribute object to spawn a child with a different type

Synopsis:

#include <secpol/secpol.h>
int secpol_posix_spawnattr_settypeid(secpol_file_t *handle,
                                     posix_spawnattr_t *attrp,
                                     const char *name,
                                     uint32_t flags);

Arguments:

handle
Handle to the security policy file. Usually NULL, which specifies that the default security policy file is used (either the system default or one set using secpol_open()).
attrp
A pointer to the spawn attributes object to update.
name
Name of type, or name to derive type from based on the current type. If a derived type is used, NULL may be passed to use the default name "child".
flags
Zero or more flags from secpol_flags_e ORed together.

Library:

libsecpol

Description:

If a security policy is in force, the secpol_posix_spawnattr_settypeid() function updates the POSIX spawn attribute structure with the type to spawn as. If a policy is not in force, the function does nothing.

This function is equivalent to calling posix_spawnattr_settypeid(), but secpol_posix_spawnattr_settypeid() is simpler to use and allows a process to work both with and without security policies.

By default, the type ID is selected based on the process' current type and the name passed in (i.e., a derived type). The name parameter can also represent the actual type name by passing SECPOL_TYPE_NAME in the flags.

If the process spawns multiple child processes that are expected to have different security needs, a different name can be used for each to allow the security policy to fit the security requirements more closely. If the security of all children is likely to be substantially the same, NULL can be passed for the name to use the default name "child". This option can be used only if a derived type is used.

Because secpol_posix_spawnattr_settypeid() sets the POSIX_SPAWN_SETTYPEID flag in the spawn attributes if it is appropriate, you don't need to set it using posix_spawnattr_setxflags(). However, if you call posix_spawnattr_setxflags() to set additional flags, it is possible to lose flags that secpol_posix_spawnattr_settypeid() has set. To avoid this problem, call posix_spawnattr_getxflags() to get the current flags, OR in the additional flags, and then set the result using posix_spawnattr_setxflags().

Example

A security policy has the following rules:

derive_type resmgr1_t low_priv resmgr1_low_t;
derive_type resmgr1_t high_priv resmgr1_high_t;

These rules allow you to use the following function call to spawn child processes with a lower level of privilege (of type resmgr1_low_t):

secpol_posix_spawnattr_settypeid(NULL, &attr, "low_priv", 0); 

The following function call spawns child processes with a higher level of privilege (type resmgr1_high_t):

secpol_posix_spawnattr_settypeid(NULL, &attr, "high_priv", 0); 
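The flag-preserving sequence from the Description, combined with the "low_priv" derived type from the rules above, as an added example that is not part of the original documentation. POSIX_SPAWN_NOZOMBIE is used only as an example of an additional flag, the helper names add_xflags() and prepare_low_priv_attr() are hypothetical, and the #else branch holds constructed stand-ins so the logic also builds without QNX.

```c
#include <spawn.h>
#include <stddef.h>
#include <stdint.h>
#ifdef __QNXNTO__
#include <secpol/secpol.h>
#else
/* Off-target stand-ins (constructed; flag values are arbitrary, not QNX's)
 * so the flag handling can be compiled and exercised without QNX. */
#define POSIX_SPAWN_SETTYPEID 0x1000u
#define POSIX_SPAWN_NOZOMBIE  0x2000u
typedef struct secpol_file secpol_file_t;
static uint32_t fake_xflags;
static int posix_spawnattr_getxflags(const posix_spawnattr_t *a, uint32_t *f)
{ (void)a; *f = fake_xflags; return 0; }
static int posix_spawnattr_setxflags(posix_spawnattr_t *a, uint32_t f)
{ (void)a; fake_xflags = f; return 0; }
static int secpol_posix_spawnattr_settypeid(secpol_file_t *h,
        posix_spawnattr_t *a, const char *name, uint32_t flags)
{ (void)h; (void)a; (void)name; (void)flags;
  fake_xflags |= POSIX_SPAWN_SETTYPEID; return 0; }
#endif

/* Add extended flags without dropping ones already set, such as the
 * POSIX_SPAWN_SETTYPEID flag set by secpol_posix_spawnattr_settypeid(). */
int add_xflags(posix_spawnattr_t *attrp, uint32_t extra)
{
    uint32_t cur = 0;
    int rc = posix_spawnattr_getxflags(attrp, &cur);
    if (rc != 0)
        return rc;
    return posix_spawnattr_setxflags(attrp, cur | extra);
}

/* Prepare attributes for a child of derived type "low_priv" that also
 * uses POSIX_SPAWN_NOZOMBIE. Returns 0 on success, -1 on failure. */
int prepare_low_priv_attr(posix_spawnattr_t *attrp)
{
    if (posix_spawnattr_init(attrp) != 0)
        return -1;
    /* On -1 (update failed or no valid type), give up rather than
     * spawn the child with attributes that carry no type change. */
    if (secpol_posix_spawnattr_settypeid(NULL, attrp, "low_priv", 0) == -1
        || add_xflags(attrp, POSIX_SPAWN_NOZOMBIE) != 0) {
        posix_spawnattr_destroy(attrp);
        return -1;
    }
    return 0;
}
```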

Returns:

0 if spawn attributes were successfully updated or no update was wanted, or -1 if attribute update failed or no valid type was found.
